
Tue, 29 Oct 2013

Tired of your Virtual Machine's (VM's) network connection being b0rked every time your laptop moves to a
different network environment? So am I. The solution: use VirtualBox's Host-Only Adaptor option to put the
VM on its own routed subnet so that kernel routing can shield the VM from the external network.
On VirtualBox:

Fri, 10 Apr 2009

Gentoo is justifiably held in great esteem for their very good
documentation. I am going to give you a simplified version of this
guide[1], from a Debian perspective; some of the things I do
while building a router are also simpler by design. Here are a couple of other
interesting links for background reading: [2][3]

Why would you want to do this? Cheap commercial routers often do not
work very well, choking up on certain kinds of traffic, even locking up
regularly so that someone must manually cycle the power to restart them.
If you build your own router, you can keep the software up-to-date,
which is a big security advantage over the commercial competition. And
you can install any software you want on it, like your own web and
e-mail server, for instance. This is not meant to be an exhaustive
list....

Start with the cheapest, oldest laptop you can find with the capacity
for the number of network cards you want to use (two for a wired *or*
wireless local network, three for a wired *and* wireless local network).
One network card is needed to connect to the outside world (presumably,
the internet) and another one for *each* local network that you want to
connect to the internet (typically, a wired and / or a wireless
network).

Note that a really old laptop, like the Pentium One that I use, has
no CD and no USB. The easiest way to install Linux on it is to remove
the hard drive and place it temporarily in another computer (or a USB
enclosure) for the Linux installation. A minimal install is all that is
necessary, just enough to get a terminal command prompt and functioning
networking. Note that at least on Debian, standard kernels will work
right off the shelf. Then replace the newly installed drive in your
soon-to-be router.

Get a Wireless Card that Will Work

Setting up a router for a wired LAN (Local Area Network) is actually
a subset of setting up a wireless router, so I will just describe a
wireless router here. (Turning a wireless configuration into a wired
configuration just requires a minor alteration or two....) You need a
wireless card that will talk to the hostap_cs kernel driver, and also
supports "Master" mode. These are not easy to find, in my experience. I
have stumbled across two, one of which broke and I am now having quite a
hard time replacing it.

The orinoco_cs and hostap_cs drivers support many of the same cards. Best
to just blacklist the orinoco_cs driver and take your laptop shopping for
cards. You really need to test the card before buying it (easy in the
second-hand Chinese markets I shop in). If you find a card that the hostap_cs
driver recognizes, test for Master mode with the iwconfig command:

iwconfig wlan0 mode Master

If the card does not like Master mode, you will get an error something
like:

Configure Networking

I will avoid great detail here. The most probable options are these: your
"outside world" network card will either connect directly and probably
be called "eth0", or it will connect using PPPoE, which you will probably
configure with a very simple and straightforward piece of software
called "pppoeconf", resulting in a "ppp0" interface. For routing
purposes, all you need to know is what the interface is called, and that
it works.

As for the wireless card: give it a static IP and set it to Master
mode in /etc/network/interfaces:

Note that in the above, eth0 connects to the internet, and therefore in
this case I am not using PPPoE. I will address the slightly more complicated
case of PPP in /etc/network/interfaces at a later date.

Set Up Routing and Firewall

We will do them at the same time because the same software does both!
Install the "firehol" package. Then create a /etc/firehol/firehol.conf
file as follows:

There are tutorials out there that will step you through the creation
of this file, which is how I started, but if you are careful about the
customization process, you should be able to use my config as your
starting point.

Some salient points:

eth0 connects to the outside world, wlan0 is the wireless LAN, eth1 is
the wired LAN. Lines in "interface" blocks that begin with "server" list the
kinds of connections that the firewall will accept on that interface. All
other incoming connections will not be accepted by default.
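
As an added illustration (not the author's firehol.conf, which is not reproduced on this page), the Python sketch below audits which services each interface's "server" lines accept, so an unintended listener on the outside interface stands out. The sample configuration is constructed using this page's interface names, and the function names are hypothetical.

```python
import shlex

# Constructed sample in FireHOL syntax (not the author's file): eth0 faces
# the internet, wlan0 and eth1 are the local networks, as on this page.
SAMPLE_CONF = '''
version 5

interface eth0 internet
    protection strong
    server ssh accept
    client all accept

interface wlan0 wlan
    server "dns dhcp ssh" accept
    server ident reject with tcp-reset
    client all accept

interface eth1 lan
    server "dns dhcp ssh http" accept
    client all accept

router lan2internet inface "wlan0 eth1" outface eth0
    masquerade
    route all accept
'''


def accepted_services(conf_text):
    """Map each interface to the services its 'server ... accept' lines admit."""
    exposed, current = {}, None
    for raw in conf_text.splitlines():
        words = shlex.split(raw, comments=True)  # handles quotes and '#'
        if not words:
            continue
        if words[0] == "interface" and len(words) >= 2:
            current = words[1]
            exposed.setdefault(current, [])
        elif words[0] == "router":
            current = None  # router blocks forward traffic; not audited here
        elif words[0] == "server" and current and len(words) >= 3:
            if words[2] == "accept":
                exposed[current].extend(words[1].split())
    return exposed


def unexpected_on(conf_text, iface, allowed):
    """Services accepted on iface that are not in the allowed set."""
    return sorted(set(accepted_services(conf_text).get(iface, [])) - set(allowed))
```

Calling unexpected_on() with the outside interface and the short list of services you mean to expose returns an empty list when the configuration matches that intent.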

Wed, 26 Nov 2008

Suppose you have two computers and only one network cable coming
into the room, and you want to save a few bucks and a bit of clutter
and not buy a switch....

One could set up one of the computers as a router per [1], creating
a sub-network within the room. But what if you do *not* want to create
a sub-network, i.e. you want both computers on the same network?

The solution is to create a transparent network bridge between two
ethernet interfaces on one of the computers. On Debian, I use the
bridge-utils[2][3] package.

The bridge-utils-interfaces[4] manpage is a bit general; the best
reference I have found is here[5].

Setup is really quite simple in principle. Create the following
stanza in /etc/network/interfaces:

Here eth0 is attached to the outside network, and added to the
bridge br0 immediately. The br0 interface gets its IP by DHCP through eth0, and the
local computer networks through br0-eth0. (This should work
irrespective of whatever might be going on with eth2.) eth2 is added to
the bridge, but it is not configured locally with an IP because it does
not need an IP. The only part eth2 plays in the network is to relay
traffic between the br0 bridge and any computer attached to it. Any
computer connecting to eth2 must take care of its own IP, through DHCP,
for example, which the bridge would just relay to the DHCP server in
the outside network.

At this point I have my firehol firewall turned *off*, which is
non-ideal. Once I figure out how to incorporate a firewall into
bridging, I will post.